Remarks and Arguments 

Claims 1-64 have been presented for examination. Claims 1, 22 and 43 have 
been amended. 

Claims 1, 14-21, 22, 35-42, 43 and 57-64 have been rejected under 35 U.S.C. 
§102(b) as anticipated by U.S. Patent No. 6,216,231 ('231). The examiner comments 
that all of the recited limitations are disclosed in the cited reference. 

The present invention is directed to a system that uses credentials to make a 
decision whether a user should be allowed access to a resource. In the inventive 
system, the entity that is responsible for maintaining the credentials "pro-actively" 
refreshes the credentials so that, at the time of presentation, the credentials will meet 
any resource-specific constraints required by a recipient of the credentials. This means 
that the responsible entity must determine which credentials are required and the 
resource-specific constraints applicable to those credentials including when the 
credentials must be refreshed. The responsible entity must then obtain the required 
credentials and insure that these credentials meet the resource-specific constraints 
including any recency constraints so that when a request for access is made it will not 
be denied because the credentials do not meet the constraints. 

The '231 patent clearly does not operate in this "pro-active" fashion. Instead, it 
uses a "top-down" approach in which a security policy server periodically sends a short 
term security policy message (202, '231 Figure 2A) to a revocation authority server 106. 
This message causes the server 106 to periodically generate a time-stamped validity 
certificate 215. A user 130 then obtains a copy 210 of certificate 215 and sends the 
copy to the resource server 140. The resource server then also obtains a copy of the 
validity certificate 21 5 and checks it against the copy sent with the request. If the 
required constraints are not met, then additional actions must be performed as set forth 
at '231 column 12, line 58 - column 13, line 2. Therefore, it is clear that additional 
actions may have to be performed, at the time of presentation, in order to authenticate 
the user. It is these actions that the present invention seeks to avoid. 

The claims have been amended to specifically point out this difference, claim 1 
is representative. It recites "determining credentials that are required to access 
resources including resource-specific constraints that indicate when the credentials 
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must be refreshed, storing in a memory, a ... credential profile including a credential, 
resource-specific constraints for the credential and related information and ... in 
accordance with at least one criterion of a refresh policy and prior to a time of 
presentation of the credential , making a determination, from that credential profile's 
resource-specific constraints, of whether that credential needs to be refreshed so that, 
at the time of presentation, that credential will meet the resource-specific constraints 
...(emphasis added). As discussed above, the '231 patent discloses a system in which 
a request may not succeed because constraints are not met. This is because prior to 
the time of presentation of a credential, no determination is made whether that 
credential needs to be refreshed as recited in claim 1 . Therefore, claim 1 patentably 
distinguishes over the cited '231 patent. 

Claims 14-21 are dependent, either directly or indirectly, on amended claim 1 
and incorporate the limitations thereof. Therefore, they also distinguish over the cited 
reference in the same manner as amended claim 1 . 

Independent claim 22 has been amended in the same manner as claim 1 and 
contains parallel limitations. Therefore, it also distinguishes over the cited reference in 
the same manner as claim 1 . 

Claims 35-42 are dependent, either directly or indirectly, on amended claim 22 
and incorporate the limitations thereof. Therefore, they also distinguish over the cited 
reference in the same manner as amended claim 22. 

Independent claim 43 has been amended in the same manner as claim 1 and 
contains parallel limitations. Therefore, it also distinguishes over the cited reference in 
the same manner as claim 1 . 

Claims 57-64 are dependent, either directly or indirectly, on amended claim 43 
and incorporate the limitations thereof. Therefore, they also distinguish over the cited 
reference in the same manner as amended claim 43. 

Claims 2-13, 23-34 and 44-56 have been indicated as allowable. 

In light of the forgoing amendments and remarks, this application is now believed 
in condition for allowance and a notice of allowance is earnestly solicited. If the 
examiner has any further questions regarding this amendment, he is invited to call 
applicants' attorney at the number listed below. The examiner is hereby authorized to 
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charge any fees or direct any payment under 37 C.F.R. 1 .17, 1 .16 to Deposit Account 
number 02-3038. 



Respectfully submitted 



/5w^ Date: ?/*'/' i~ 



Paul E. Kudirka, Esq. Reg. No. 26,931 
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